virus navysearch, pub en tous genresFermé

Question

Bonsoir , je suis infesté de pubs et programmes comme navysearch, winantiviruspro2006. J'ai lu qu'il fallait faire ces quelques manipes. Alors les voici . Peut on m'aider? Merci

Résultats Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 23:10:33, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\Rar$EX02.484\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -close
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [optionbalmprogramcreative] C:\Documents and Settings\All Users\Application Data\atom camp option balm\sixthdumb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Odebit Multimedia V2] C:\Program Files\Odebit Multimédia\V2\Odebit.exe
O4 - HKCU\..\Run: [Scrflap] C:\DOCUME~1\PASCAL~1\APPLIC~1\UPLOAD~1\FOURREAL.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pack Sécurité.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{75889E2D-08BD-4142-AEB9-25009930B44D}: NameServer = 86.64.145.144 84.103.237.144
O18 - Protocol: bw+0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {58E984D8-6616-4C75-A8B1-3599AF93A90A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------

Résultats Blacklight

12/06/06 22:49:23 [Info]: BlackLight Engine 1.0.47 initialized
12/06/06 22:49:23 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/06/06 22:49:25 [Note]: 7019 4
12/06/06 22:49:25 [Note]: 7005 0
12/06/06 22:49:51 [Note]: 7006 0
12/06/06 22:49:51 [Note]: 7011 1536
12/06/06 22:49:51 [Note]: 7026 0
12/06/06 22:49:52 [Note]: 7026 0
12/06/06 22:49:52 [Note]: 7024 3
12/06/06 22:49:52 [Info]: Hidden process: C:\windows\system32\dmktraxgxn.exe
12/06/06 22:49:53 [Note]: FSRAW library version 1.7.1020
12/06/06 22:56:57 [Note]: 4013 66337
12/06/06 22:56:57 [Note]: 4020 24243 2621440
12/06/06 22:56:57 [Note]: 4018 24243 2621440
12/06/06 22:56:57 [Note]: 4013 66337
12/06/06 22:56:57 [Note]: 4020 24243 2621440
12/06/06 22:56:57 [Note]: 4018 24243 2621440
12/06/06 23:05:32 [Info]: Hidden file: c:\WINDOWS\system32\dmktraxgxn_navps.dat
12/06/06 23:05:32 [Note]: 10002 1
12/06/06 23:05:38 [Info]: Hidden file: c:\WINDOWS\system32\dmktraxgxn.dat
12/06/06 23:05:38 [Note]: 10002 1
12/06/06 23:05:38 [Info]: Hidden file: C:\windows\system32\dmktraxgxn.exe
12/06/06 23:05:38 [Note]: 10002 1
12/06/06 23:05:39 [Info]: Hidden file: c:\WINDOWS\system32\dmktraxgxn_nav.dat
12/06/06 23:05:39 [Note]: 10002 1
12/06/06 23:06:17 [Info]: Hidden file: c:\WINDOWS\Prefetch\DMKTRAXGXN.EXE-2732815D.pf
12/06/06 23:06:17 [Note]: 10002 1
12/06/06 23:09:11 [Note]: 7007 0

Utilisateur anonyme · Answer

Bonjour

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les  manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.


$$ Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)


$$ FAIS UN CLIC-DROIT sur le lien suivant
http://metallica.geekstogo.com/EGDACCESS.bfu 
et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note: si tu utlises Internet Explorer, lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).


$$ Ouvre le Bloc-note et copie-colle les lignes ci-dessous 

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dmktraxgxn
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dmktraxgxn
FileDelete %SYSDIR%\dmktraxgxn_navps.dat
FileDelete %SYSDIR%\dmktraxgxn_nav.dat
FileDelete %SYSDIR%\dmktraxgxn.dat
FileDelete %SYSDIR%\dmktraxgxn.exe

FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0

SystemEmptyTempFolder
SystemEmptyRecycleBin
Sauvegarde dans le dossier créé (C:\BFU) (Nom du fichier : "Fixme.bfu " -sans inclure les guillemets- ; Type : Tous les fichiers).


$$ Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.


$$ Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

--- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

EGDACCESS.bfu

- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.

--- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Fixme.bfu

Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci :C:\BFU\Fixme.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK

Clique Exit pour fermer le programme BFU.


$$ Redémarre normalement 


Poste un nouveau hijackthis avec le rapport situé ici C:\egd.txt

Poste aussi ce rapport.
Télécharges Lopxp.zip
http://pageperso.aol.fr/balltrap34/lopxp.zip
Dézippes le sur le Bureau
Lances le fichier lopxp.bat 
Postes le rapport

Utilisateur anonyme · Answer

Bonjour

La manip n'a pas n'a pas bien fonctionné. On recommence plus allegé.
Aide en image
https://forum.pcastuces.com/sujet.asp?f=25&s=3902
Pour creer le fichier, Lettre Q. Attention, regarde bien la manip, dans ce cas, ce n'est pas un fichier texte, mais Tout les fichiers.
Pour utiliser BFU, lettre N

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les  manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.

Ouvre le Bloc-note et copie-colle les lignes ci-dessous 

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dmktraxgxn
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dmktraxgxn
FileDelete %SYSDIR%\dmktraxgxn_navps.dat
FileDelete %SYSDIR%\dmktraxgxn_nav.dat
FileDelete %SYSDIR%\dmktraxgxn.dat
FileDelete %SYSDIR%\dmktraxgxn.exe

FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0

SystemEmptyTempFolder
SystemEmptyRecycleBin
Sauvegarde dans le dossier créé (C:\BFU) (Nom du fichier : "Fixme.bfu " -sans inclure les guillemets- ; Type : Tous les fichiers).


$$ Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.


$$ Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Fixme.bfu

Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci :C:\BFU\Fixme.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK

Clique Exit pour fermer le programme BFU.


$$ Redémarre normalement 


Poste le rapport nouveau situé ici C:\egd.txt.
Poste aussi le rapport de Lopxp demandé au message 1.

Virus navysearch, pub en tous genres

2 réponses

Discussions similaires

Newsletters